v0.2.2 — now on npm

Is your project
quantum-safe?

Shor's algorithm breaks ECDSA, RSA, and secp256k1 completely. Scan your npm dependencies and source code for quantum-vulnerable cryptography in seconds.

$ npx quantum-audit .
 
Quantum Audit — my-dapp
────────────────────────────────────────
Score: 60/100
Grade: C — Moderate Exposure
 
Findings:
[CRITICAL] ECDSA (secp256k1) — package.json
[MEDIUM]   SHA-256 — src/utils/hash.js:14
 
Critical findings rely on RSA/ECDSA, broken by Shor's algorithm.
npx quantum-audit .
View on GitHub
What it detects

Top blockchain packages — all flagged

Every major Ethereum and Bitcoin npm package relies on ECDSA/secp256k1. None have a post-quantum migration path documented.

CRITICAL ethers ECDSA (secp256k1) signing
CRITICAL web3 ECDSA (secp256k1) signing
CRITICAL elliptic ECDSA (secp256k1 / p256)
CRITICAL bitcoinjs-lib ECDSA (secp256k1)
CRITICAL node-rsa RSA — broken by Shor's algorithm
MEDIUM crypto-js AES-128 / SHA-256 — weakened by Grover's
SAFE @noble/post-quantum Kyber / Dilithium / SPHINCS+
How it works

Two scanning layers

Catches vulnerable crypto at the dependency level and in your source code directly.

LAYER 01

Dependency scan

Maps your package.json against a curated database of 20+ crypto libraries and their underlying algorithms. Instant results, no source required.

LAYER 02

AST source scan

Walks your JS/TS source via Babel AST to catch direct node:crypto calls — createSign('RSA-SHA256'), generateKeyPairSync('ec') — that dependency scanning misses.

CI READY

Exit codes for pipelines

Exits non-zero on critical findings. Drop npx quantum-audit . into any CI pipeline to gate on quantum exposure automatically.

Scoring

0–100 quantum readiness score

Critical findings (broken by Shor's algorithm) are weighted heavily. Medium findings (weakened by Grover's) reduce the score proportionally.

A
90–100
Quantum Ready
B
70–89
Low Exposure
C
40–69
Moderate Exposure
D
15–39
High Exposure
F
0–14
Critical Exposure

Scan your project now

Takes 10 seconds. No account required.

npx quantum-audit .
Read the writeup
Copied!